Symptom
release.yaml → ios-deploy job fails at sync_code_signing with:
ERROR: Exit status: 128
ERROR: Error cloning certificates repo, please make sure you have read access to the repository you want to use
Match is invoked in readonly: true mode against the certificates repo. The fastlane setup step (Setup SSH access for Fastlane Match) reports success earlier in the job, but the actual git clone from Match::Storage::GitStorage#download exits 128.
android-deploy in the same release run succeeds, so the failure is iOS-only.
When it started
| Tag |
Date |
ios-deploy |
| v1.0.71 |
2026-06-01 |
fail |
| v1.0.70 |
2026-05-28 |
success |
| v1.0.69 |
2026-05-28 |
success |
| v1.0.68 |
2026-05-27 |
success |
| v1.0.67 |
2026-05-26 |
success |
Window for the regression: 2026-05-28 → 2026-06-01. Nothing in the iOS-deploy job, Fastfile, or Matchfile should have changed in that window (most pushes in the period were app code and CI workflows, none touched iOS signing config).
Suspect causes, in order of likelihood:
- Match certificate-repo SSH deploy key rotated, revoked, or removed on the cert repo side — the GH Actions secret with the private key no longer matches a registered key.
- Cert repo moved, renamed, or transferred — the URL in
Matchfile no longer resolves to a readable repo.
- Cert repo permission tier changed (e.g., owning team / membership change broke read access from the Actions runner identity).
- macOS runner SSH known_hosts drift — possible but less likely given the
Setup SSH access for Fastlane Match step ran green.
git exit 128 typically means authentication/authorization or unreachable remote — both are repo-access issues, not Match-internal logic.
Verification suggestions
- Run the
ios-deploy job manually (workflow_dispatch on release.yaml) against a recent tag and capture verbose output (MATCH_VERBOSE=true, FASTLANE_DEBUG=1).
- From the macOS runner host,
ssh -T git@<cert-repo-host> to verify identity.
- Check whether the deploy key on the cert repo is still listed under
Settings → Deploy keys and matches the secret content (compare fingerprints, not the secret itself).
- Re-run the most recent successful tag (v1.0.70) to confirm the failure is universal or tag-specific.
Impact
- All future tagged releases (
v*) will fail to ship iOS builds to TestFlight until resolved.
- Android pipeline is unaffected — Play Internal lane continues to work.
v1.0.71 was tagged but never reached TestFlight; needs re-deploy once fixed.
Run reference
The failing run: https://github.com/DFXswiss/realunit-app/actions/runs/26761585663
Symptom
release.yaml→ios-deployjob fails atsync_code_signingwith:Match is invoked in
readonly: truemode against the certificates repo. The fastlane setup step (Setup SSH access for Fastlane Match) reports success earlier in the job, but the actualgit clonefromMatch::Storage::GitStorage#downloadexits 128.android-deployin the same release run succeeds, so the failure is iOS-only.When it started
Window for the regression: 2026-05-28 → 2026-06-01. Nothing in the iOS-deploy job,
Fastfile, orMatchfileshould have changed in that window (most pushes in the period were app code and CI workflows, none touched iOS signing config).Suspect causes, in order of likelihood:
Matchfileno longer resolves to a readable repo.Setup SSH access for Fastlane Matchstep ran green.git exit 128typically means authentication/authorization or unreachable remote — both are repo-access issues, not Match-internal logic.Verification suggestions
ios-deployjob manually (workflow_dispatchonrelease.yaml) against a recent tag and capture verbose output (MATCH_VERBOSE=true,FASTLANE_DEBUG=1).ssh -T git@<cert-repo-host>to verify identity.Settings → Deploy keysand matches the secret content (compare fingerprints, not the secret itself).Impact
v*) will fail to ship iOS builds to TestFlight until resolved.v1.0.71was tagged but never reached TestFlight; needs re-deploy once fixed.Run reference
The failing run: https://github.com/DFXswiss/realunit-app/actions/runs/26761585663